Graduate School of Information Science, Nara Institute of Science and Technology
Doctor of Engineering
April 2014 - September 2016
Software code review is a well-established software quality practice. During code review, team members examine each others' code changes in order to identify potential problems early in the development cycle. In a distributed development setting, code review in modern software organizations tends to converge on a lightweight variant called Modern Code Review (MCR). While enabling distributed reviews, MCR lacks mechanisms for ensuring a base level of review quality, which the formal software inspection of the past achieved through the careful review preparation and the formal review execution. Lax reviewing practices may creep into MCR processes, which can impact software quality.
In this thesis, we perform a series of empirical studies in order to better understand how teams can improve their reviewing practices in MCR processes. We first perform two empirical studies to investigate how reviewers should be selected. We observe that (1) the proportion of reviewers without an expertise of a module shares a strong, increasing relationship with the likelihood of that module having future defects; however, (2) it is often difficult selecting appropriate reviewers, which can slow down MCR processes. To address this problem, we propose RevFinder, a file location-based reviewer recommendation approach. Our empirical evaluation shows that RevFinder accurately recommends (within top 10 recommendation) an appropriate reviewer for 69%-86% of reviews.
We then perform another two empirical studies to investigate reviewer involvement in MCR process. We observe that (1) modules that will eventually have future defects or have been historically defective tend to be reviewed with less reviewer involvement than their clean counterparts and (2) past reviewer involvement tendencies are strong indicators of poor reviewer involvement.
Our results and empirical observations highlight the need for improved reviewing policies in an MCR context in order to mitigate the risk of having defects in software products.